Protecting Client Confidentiality

    1 FREE Audiobook RISK-FREE from AudibleIn this weeks podcast, we  discuss the importance of protecting client confidentiality in a consulting and professional services environment.

    1. What are some of the ways that a client’s confidential information can be exposed?Protect Client information confidential
      1. There is really any number of ways.  I once heard a story of a consultant who was privy to inside information of a client’s merger.  He was talking to his wife one night and just happened to mention that the client was in talks to merge with company X.
      2. So a couple of days later, the wife is meeting a friend for lunch and mentions that her husband is a consultant at this company and starts talking about this confidential merger.
      3. Well, the president of the company is at the next table and overheard their entire lunch conversation.
      4. I don’t know the exact ramifications that occurred, but I would assume the consulting firm – or at least the consultant – was asked to leave and legal action could possibly have been taken.
      5. But it’s just an example of how easy it is to let your guard down and how careful a consultant needs to be.
      6. Now that’s a fairly extreme situation.  More common is when you’re working at the client’s site and you have information about another client.
      7. Most consultants either work with multiple clients at the same time, or have been at other clients and receive calls or emails after they’ve left.
      8. If you’re just starting at a client and you still receive calls or emails from your previous client, you need to be careful not to handle those communications at your new client.
      9. You could be reading an email and an employee or manager from you new client could walk up behind you to ask a question.
      10. Not only could they see confidential information about another client, but they may wonder why you’re at their site, presumably billing them for your hours, but working on another client’s work.
      11. You may have only spent two minutes checking the email, but it was during those two minutes that they walked up.
    2. You probably don’t get a lot of privacy when you’re on a client site.
      1. In most situations that’s true.  You may get a cubicle, which is not very private.  In other cases, you could be in a team room.  An office or conference room with several other people, usually a mix of consultants and client staff members.
      2. If you take a call from a client, or even about a client, you’re probably going to be overheard by several people in your vicinity.
      3. I’ve always tried to step away and find a private conference room or maybe even an empty office, but that’s not always easy to do.
      4. I had one client that had a walkway between two buildings, which we called the bridge.  I often saw consultants walking over to the bridge to make private calls, but people would be walking back and forth through it.  Although they would only get a few seconds of the conversation while they walked by, that could be enough to get a snippet of confidential information.
      5. I even had situations where, if I had to make a confidential call, I’d go out to the parking lot and sit in my car to make the call.  It’s not the most perfect of situations, but it was about the most private place I could find.
      6. One other note about making calls like that at a client.  You don’t want to make too much of a habit of doing that.  After the client sees you stepping into a private room, or a bridge-like area or out to your car to make private calls, they begin to question your commitment to their project.
      7. They don’t know if you’re interviewing for another job or working on other clients’ projects.  All they know and care about is that you aren’t working on their project or you wouldn’t be so secretive.
    3. What considerations should a consultant think about when a client visits your own consulting offices?
      1. That’s usually an even bigger concern.  You potentially have information on any of your client’s laying around.  The client could go into a conference room and someone left another client’s confidential information on the table from a previous meeting.
      2. Or they could just be walking down a corridor and overhear a consultant talking on the phone with another client about confidential information.
      3. I’ve been involved in situations where a client doesn’t have the room to house a project team at their offices, so the work is done at the consulting firm’s offices.  And sometimes, part of the client team works with the consulting team at their offices.
      4. So they’re here on a day-to-day basis seeing anything that goes on at the consulting offices.  They’re privy to seeing other client’s teams that may be there and overhearing anything including a “How’s your project going?” conversation in the break room.
    4. What situations have you witnessed of client information being breached?
      1. I can give you two fairly embarrassing situations where I’ve breached it myself.  Once when I was working for Ernst & Young, I was doing a project in another town where I had to fly to that city every Monday morning.
      2. I’ve always hated to waste time so I usually got a jumpstart on my work on the plane.
      3. So I’m sitting there reviewing some documents and they guy next to me sees the Ernst & Young logo on my document.  He turns to me and asks if I work for E&Y.  I say yes and he introduces himself and says he’s a partner with the firm.
      4. So we talk for a few minutes and get to know each other.  Finally he says, you know, you really shouldn’t read confidential client information in a public place like a plane.  It’s against firm policy.
      5. I realized that I was reading a recommendation document to the client which had our logo as well as the clients.  It was bad enough that I was sitting next to a partner in my firm, but it could have been one of my client’s competitors who would have gotten some pretty good information if he had good enough eyes.
      6. I never got in trouble for that and ended up working with that partner on later projects and developing a good relationship with him.  But it could have seriously affected my consulting career.
      7. In another situation when I was with another company, I handled six or seven clients at the same time.  It was fairly hectic and I was always switching gears from one client to another.  It was very easy to confuse which client I was dealing with.
      8. So it’s a very busy day and I have to get a lot of information out to multiple clients.  I write up this email to a client and go to attach a document to it and inadvertently attach a spreadsheet with another client’s data.
      9. About an hour later, I got a reply from the woman stating “I think you sent me the wrong information.”
      10. Now, the information wasn’t highly confidential, but that’s not the point.  I don’t like to tell any clients who our other clients are.
      11. It’s also a bad reflection on me as a consultant that I was so careless in sending an attachment.
      12. I’m sure it made them wonder what data of theirs I’m sending to other clients.
    5. What are the ramifications when client confidentiality is breached?
      1. It can be on many levels.  As I mentioned, at the very minimum, it hurts your credibility to show that you’ve been careless with someone’s data.
      2. Whether you send another client’s data in an email attachment, get overheard in a phone conversation or are seen reading a client’s information on an airplane.  You’re showing a current client – or your boss – that you’re careless with confidential client information.
      3. As I also mentioned, if a client sees you working on another client, they get the impression that you’re billing them to work on another client.  Even if you aren’t billing them for that time, if you’re on their site, they usually aren’t going to be happy about you serving another client from there.
      4. There can be much higher implications as well.  Here in the US, there is the Health Information Portability and Accountability Act, better known as HIPAA which protects the confidentiality of any personal health information.  If you expose anyone’s personal health information, you and your company are subject to significant fines.  Anyone who works in healthcare consulting needs to be aware of that.
      5. And that can be done inadvertently.  If you send personal health information as an attachment in an unsecured email and it gets hacked, you and your company are liable.
      6. Consultants are privy to a lot of information about a their clients that the client’s own employees don’t have access to.  Consultants are involved in conversations about inside information such as mergers, bankruptcies and stock buybacks that are also expected to be kept confidential by law.
      7. They have to be careful not to expose that information, even by mistake in an elevator conversation.
      8. I’ve known clients to impose significant fines on a firm for these breaches.  They’ve even gone as far as removing consultants or entire firms from the client.
      9. If the breach is serious enough, it’s possible that the consultant could face legal action from the client or even from the government.
    6. What if you have two clients that compete in the same market?
      1. That can be fairly common.  If you’re a firm that specializes in an industry like financial services, you may have several clients that compete with each other.  If you’re talking to one client while on site at another, you need to be very careful.
      2. Worse yet, if one client visits your office, you want to make sure they don’t see any information associated with any other clients.  As I mentioned, I don’t like any clients knowing who our other clients are.
      3. But if they see any information or data that we have on another client, they could get an unfair advantage and our other client would be disadvantaged.
      4. Most firms sign what’s called a non-disclosure agreement or an NDA, with their clients.  That’s a legal agreement that they will not divulge any confidential information about the client or their business to anyone else.
      5. Even if they mistakenly and unintentionally leave confidential information out on a conference room table and a competing client happens to see it, you’ve violated your NDA.
      6. If the damaged client finds out, they can file for legal damages for the violation.
    7. What should consultants do to avoid exposing a client’s confidential information?
      1. As I mentioned, much of it is carelessness.  You leave a document out on your desk or up on your computer screen when you walk away for a minute.
      2. Or you hold a conversation not realizing that others can overhear what you’re saying.
      3. Nobody wants to be paranoid, but you almost have to lean that way.  You should always make sure you’re in a private setting and can’t be overheard by anyone.
      4. You also want to keep in mind that anything you bring up on your computer screen can be seen by anyone that walks behind you.  If you’re not in a very private setting where no one has access to your computer screen or even the paper documents on your desk, you shouldn’t have them out for anyone to see.
      5. When you leave your desk, even if you’re moving over five feet to talk to you neighbor, lock your computer screen.  You’re not just protecting what is currently up on your screen, but if you were pulled further away, anyone could go up to your computer and start browsing away.
      6. It’s just a good habit to lock it up for password protection.
      7. If you get a phone call from another client or from someone at your firm that wants to talk about another client, make sure you’re in a private place.  If you can’t find a room to step into, go out to your car or outside somewhere.
      8. Let them know that you’re not in a situation to talk confidentially and that you’ll call them back.
      9. Just keep in mind that you also don’t want to make your current client suspicious with all of your private conversations.  If it happens once or twice, that may be OK.  If it’s habitual, they may begin to wonder.
      10. Finally, when you’re in your offices, don’t get a false sense of security.  Be aware that employees from other clients can always be on site and make sure to lock your computer screen and avoid unnecessary conversations regarding confidential client information in public areas.
    8. What can a firm do to prevent confidential information from being exposed?
      1. I mentioned the non-disclosure agreement.  If they have an NDA with a client, they need to make sure that all the consultants on the project are aware of it and the specific requirements.
      2. They should also be aware of the ramifications if the agreement is violated.  I’m not a big fan of preaching to the consulting team, but this is serious enough to explain to them how serious this is.
      3. If any clients will be on site, you need to let everyone who might be in the office aware of it.  Consultants should practice care at all time, whether clients are on site or not.  But when a client is on site, everyone needs to be aware and they should take extra care not to leave documents out, to lock up their computers when they aren’t sitting at them and to avoid talking about confidential information.
      4. I like the idea of assuming that clients are there at all times just to make sure.
      5. Also, if you have two clients that compete in the same market, keep the project teams separated.  Many times they’re out at their own client sites, but some projects are done at the firm’s offices.
      6. If that happens, you can’t keep consultants on other teams from talking to each other.  Friends go to lunch and out for drinks whether they work on the same project or not.
      7. But you can separate where they work by putting them on different sides of the office to avoid them accidently hearing or seeing confidential information.
      8. That also works out better when a client comes to visit one of the projects.  It’s just safer if the competing client’s project is located on the other side of the office.
      9. I’ve even seen firms give projects code names so that it doesn’t give away the name of the client.
    9. Any final thoughts about protecting client confidentiality?
      1. It requires a great deal of diligence to make sure you protect the client’s information.
      2. You always have to be aware of your surroundings and keep it in mind.
      3. Most violations of client confidentiality are not intentional.  Few clients engage in espionage.  It’s more likely carelessness and unawareness of your surroundings.
      4. So always be aware of who might hear or see what you’re working on and have a little bit of paranoia.

    Next week’s topic: Protecting the Firm’s confidential information

     

    Consulting 101: 101 Tips for Success in Consulting

    Consulting 101: 101 Tips for Success in Consulting

    Consulting 101 provides you with 101 useful tips to optimize your professional performance and jump-start your consulting career with success.


    Tagged with 

    Leave a Reply

    Your email address will not be published. Required fields are marked *